addbuiltin tool does not generate issuer and serial number in trust object

RESOLVED FIXED in 3.6.1

Status

NSS
Tools
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: Julien Pierre, Assigned: Julien Pierre)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

15 years ago
Currently, in NSS_3_6_BRANCH, including the RTM, and on the tip, addbuiltin is
broken. It generates output that does not have the issuer serial number in the
trust object.

These are now required in NSS 3.6 due to a new optimization.

This is what bit us for the AOL roots, and bit us again for the TC trustcenter
roots.

The addbuiltin tool needs to be updated before it can be used again without
having to manually patch the output.
(Assignee)

Comment 1

15 years ago
Created attachment 102633 [details] [diff] [review]
Add issuer & sn to trust object so that generated output is valid for NSS 3.6+
(Assignee)

Comment 2

15 years ago
I tested the attached patch to regenerate the TC Trustcenter root, and it
worked. The output was generated correctly with the trust, and the resulting DLL
had the new roots trusted in Mozilla.
(Assignee)

Comment 3

15 years ago
Checked in to the tip :

Checking in addbuiltin.c;
/cvsroot/mozilla/security/nss/cmd/addbuiltin/addbuiltin.c,v  <--  addbuiltin.c
new revision: 1.4; previous revision: 1.3
done

Also on 3.6 branch :

Checking in addbuiltin.c;
/cvsroot/mozilla/security/nss/cmd/addbuiltin/addbuiltin.c,v  <--  addbuiltin.c
new revision: 1.3.54.1; previous revision: 1.3
done
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED

Comment 4

15 years ago
I suggest to land this patch on the client tag, so the tools included in the
source snapshot for Mozilla 1.2 will be correct.
Keywords: mozilla1.2
(Assignee)

Comment 5

15 years ago
Kai,

Technically, this patch was made in 3.6.1, which is still being worked on.
Wan-Teh, do we want to tag this patch with NSS_CLIENT_TAG ?
This would mean that the client tag would be slightly past NSS_3_6_RTM .

Comment 6

15 years ago
The Mozilla client doesn't need this patch for addbuiltin
but eventually NSS_CLIENT_TAG will be based on the
NSS_3_6_BRANCH and pick up this fix.
Target Milestone: --- → 3.6.1

Comment 7

15 years ago
Comment on attachment 102633 [details] [diff] [review]
Add issuer & sn to trust object so that generated output is valid for NSS 3.6+

r=wtc.
Attachment #102633 - Flags: review+
You need to log in before you can comment on or make changes to this bug.